Can you manage an Active Directory^® (AD) user entirely from the cloud? The short answer is yes, although you may be surprised to find out how. Before we detail the long answer, let’s first talk about why this is a pressing question in the first place.

The Dominance of AD

Microsoft^® Active Directory is the most popular on-prem commercial directory service, serving as a staple of identity management since its inception in 1999. 

At that time, the average IT environment was fairly uniform. Many organizations were centered on Microsoft’s on-prem Windows^® infrastructure; Windows Server, the Windows desktop operating system, and Windows applications all played core roles in an employee’s daily duties. As a Microsoft-centric directory service, AD naturally fit the identity management needs of most, if not virtually all IT organizations of the day. 

With its popularity, Active Directory set the bar for the directory service. AD connected users to virtually all the IT resources in use at the time, and it unified a user’s identity into one set of credentials. This collection of resources is often referred to as the domain, with AD sitting in the center as the domain controller. IT admins used the domain controller to manage security settings on all Windows user systems from a single screen and used AD to provide access to internal networks as well.

Cloud Difficulties

The rise of web 2.0 technology introduced many innovations to improve efficiency for end users and IT departments alike. Software and infrastructure was increasingly offered “as-a-Service” from the cloud. Meanwhile Mac^® and Linux^® adoption surged. AD struggled to manage these new resources. The most powerful identity platform in the IT environment became fractured.

In response, vendors in the identity management space created new solutions to help AD identities bridge the gap to cloud resources. These “add-on” solutions, if you will, filled holes that the cloud created in AD’s domain. Many of these solutions were also offered from the cloud as-a-Service, meaning that IT admins could leverage (Read more…)